Secure Electronic Transaction (SET) is a protocol Visa and MasterCard developed in 1996 for
securing credit card transactions over insecure networks such as the Internet. SET utilizes
X.509 certificates and extensions, along with public key cryptography, to identify each party
within the e-commerce transaction and to transmit the data while maintaining confidentiality.
SET’s unique binding algorithm substitutes a temporary certificate for the consumer’s account
number, so that the online merchant never needs access to this sensitive information. Each
party is required to preregister with the certificate authority (CA), allowing the card issuer to
perform due diligence before it allows the merchant to perform e-commerce transactions, and
then authenticating all parties in the transaction.

On the consumer end, SET creates a hash value of the order information together with the
payment information. The payment information is sent to the bank along with the signed hash
of the order information. The consumer-side software also sends the order information to the
merchant with the signed hash of the payment information. Both the cardholder and the
merchant create equivalent hashes, which are compared when they are received by the bank or
payment gateway.
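
The linkage described above is SET's dual signature: each part is hashed, the two digests are hashed together, and the cardholder signs that result. The sketch below is an added example, not code from the SET specification or from this page; SHA-256, the unpadded toy RSA key, the function names, and the sample order and card data are all assumptions made for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so the example needs only the
# standard library. Textbook RSA without padding: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def link(pi_digest: bytes, oi_digest: bytes) -> int:
    """Hash of the two digests concatenated, as an integer for RSA."""
    return int.from_bytes(digest(pi_digest + oi_digest), "big")


def cardholder_sign(order: bytes, payment: bytes) -> dict:
    """Build the dual signature and the two messages the cardholder sends."""
    oimd, pimd = digest(order), digest(payment)
    dual_sig = pow(link(pimd, oimd), D, N)
    return {
        "to_merchant": {"order": order, "pimd": pimd, "sig": dual_sig},
        "to_gateway": {"payment": payment, "oimd": oimd, "sig": dual_sig},
    }


def merchant_verify(msg: dict) -> bool:
    """Merchant sees the order and only a digest of the payment data."""
    return pow(msg["sig"], E, N) == link(msg["pimd"], digest(msg["order"]))


def gateway_verify(msg: dict) -> bool:
    """Gateway sees the payment data and only a digest of the order."""
    return pow(msg["sig"], E, N) == link(digest(msg["payment"]), msg["oimd"])


# Constructed sample data (test card number, hypothetical order)
ORDER = b"order-1001: 2 x widget, total 40.00 USD"
PAYMENT = b"card=4111111111111111;exp=12/30;amount=40.00 USD"
```

Because one signature covers both digests, neither recipient can pair its half with a different order or payment without verification failing.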

This protocol offers a number of different protections for the transaction:

• It authenticates all parties in the initial transaction at time of registration with the CA.
• It performs additional authentication at transaction time through the exchange of
certificates with the consumer, merchant, and payment gateway.
• Sensitive data such as the account number is shared only between the consumer and the
bank and kept on a “need to know” basis, freeing the merchant from the need to store or
transmit this information.

SET transactions

The sequence of events required for a transaction follows:

1. The customer obtains a credit card account with a bank that supports electronic payment
and SET.

2. The customer receives an X.509 v3 digital certificate signed by the bank.

3. The customer places an order.

4. Each merchant has its own certificate, which it sends to the customer so that the
customer's software can verify that it’s a valid store.

5. The order and payment are sent.

6. The merchant requests payment authorization from the issuing bank.

7. The merchant confirms the order.

8. The merchant ships the goods or provides the service to the customer.

9. The merchant requests payment.

Evaluation of SET

Unfortunately, due to the amount of overhead involved in the massive Public Key
Infrastructure (PKI) and registration process required by SET, it will never be widely adopted.
The complexities of managing it become unbearable given the size of the e-commerce
market.